-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): bump tornado from 6.2 to 6.3.3 in /Documentation #27497
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Failed docs-builder build:
Seems to be available though, not sure what's going on: https://pypi.org/project/tornado/#history |
@dependabot rebase |
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.2 to 6.3.3. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.2.0...v6.3.3) --- updated-dependencies: - dependency-name: tornado dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
391ee79
to
52acec1
Compare
Signed-off-by: Cilium Imagebot <noreply@cilium.io>
@dependabot rebase |
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
/test |
@zacharysarah the PR seems to be rebased now and it's looking like CI should be passing. Curious what you had in mind when asking dependabot to rebase earlier? Is there still some issue you see with the PR? |
@joestringer The branch shows as out-of-date for me, so I attempted to bring it current by rebase. I don't see any issues otherwise. |
@zacharysarah OK. Given the velocity of the Cilium project, PRs will almost always be "out-of-date" with respect to the base branch, so I don't think it's worth always rebasing. Rebasing also invalidates CI results, which means that we have to re-run CI, and it's not uncommon that by the time CI runs, the branch is out of date again. In general if you're aware of a reason to rebase, such as direct conflicts, or related changes that likely impact the behaviour of the PR, then it may be worth rebasing. Or if you're working on a change and addressing feedback, then rebase. Or maybe once a week if the PR is not merged by then. There is always a chance that the "out-of-date" may introduce a conflict that breaks the tree in some way, and we currently just deal with that as conflicts are introduced. We're also exploring whether merge queues may assist with mitigating this risk. For context, in the case above, I rebased just because it seemed like maybe there was an issue with out-of-date CI workflows, so I figured that rebasing might resolve the failures. |
Filed #27672 for the failure, it's clearly unrelated to the change here. |
Bumps tornado from 6.2 to 6.3.3.
Changelog
Sourced from tornado's changelog.
... (truncated)
Commits
e4d6984
Merge pull request #3307 from bdarnell/branch6.36a9e6fb
ci: Don't test py312 in branch6.35c8a9a4
Set version to 6.3.37dfe8b5
httpserver_test: Add ExpectLog to fix CI217295b
http1connection: Make content-length parsing more stricte3aa6c5
Merge pull request #3267 from bdarnell/branch6.334f5c1c
Version 6.3.232ad07c
web: Fix an open redirect in StaticFileHandlere0fa53e
Merge pull request #3257 from bdarnell/build-workflow-wstest-warningf5a1d5c
ci: Only run pypi actions from the main repoDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.